SE Linux patch(Re: [BusyBox] SE Linux)
Takeharu KATO
takeharu1219 at ybb.ne.jp
Mon May 2 21:06:58 UTC 2005
Dear Landley:
>
> Okay, since this came up again... I don't use selinux, but I do commit things
> to the busybox repository (until Erik screams about it, anyway), so lemme
> read the patch...
>
Thank you for your review.
> In theory when the whole #ifdef is surrounded by an #if statement like that,
> the #ifdef #endif could be replaced with a #define hidden in a header
> somewhere that allows the compiler's dead code elimination to handle things.
> Just a comment...
>
>
Okay, I will fix this issue.
>>> #ifdef CONFIG_SELINUX
>>>- while ((p = procps_scan(0, 0, NULL)) != 0) {
>>>+ security_context_t sid=NULL;
>>>+ while ((p = procps_scan(0, 0,&sid)) != 0) {
>>> #else
>>> while ((p = procps_scan(0)) != 0) {
>>> #endif
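Review bot: the added `security_context_t sid=NULL;` is handed to `procps_scan(0, 0,&sid)` on every iteration, but nothing in the visible lines releases what is stored through it. If procps_scan fills it with an allocated context for each process, free it at the end of each pass (freecon() in libselinux) and reset it to NULL, or state in a comment that the callee owns the buffer.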
>
>
Sorry, I'll move the curly bracket outside of the #ifdef.
>>> #ifdef CONFIG_SELINUX
>>> if(use_selinux)
>>> {
>>>- if(fstat_secure(fileno(fp), &sb, sid))
>>>- continue;
>>>+ if (is_selinux_enabled()) {
>>>+ if (getpidcon(pid,sid)<0)
>>>+ continue;
>>>+ }
>>> }
>>>- else
>>> #endif
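Review bot: removing the `else` before `#endif` means the statement that follows this block now runs in every case, where it previously ran only when `use_selinux` was false; confirm that is intended and not a leftover from dropping `fstat_secure`. The new `if (is_selinux_enabled())` is also nested inside the existing `if(use_selinux)`, so a single `if (use_selinux && is_selinux_enabled())` would remove a level of braces. A process whose `getpidcon` call fails is skipped silently by `continue`, which deserves a comment.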
>
>
> Again the if() wrapped #ifdef...
>
I'll fix it.
>
>>> syslog(LOG_INFO, "System Maintenance Mode\n");
>>>- run_shell(pwent.pw_shell, 1, 0, 0);
>>>+#ifdef CONFIG_SELINUX
>>>+ getcon(&sid);
>>>+#endif
>>>+ run_shell(pwent.pw_shell, 1, 0, 0
>>>+#ifdef CONFIG_SELINUX
>>>+ , sid
>>>+#endif
>>>+ );
>>> return (0);
>>> }
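Review bot: the return value of `getcon(&sid)` is ignored before `sid` is passed to `run_shell`, so if the call fails the maintenance shell is started with whatever `sid` happened to hold. Check for `getcon(&sid) < 0` and either refuse to start the shell or pass an explicit NULL, and note who frees the context. The `#ifdef` inside the `run_shell(...)` argument list also gives the function two signatures; a fixed argument list with the context kept elsewhere avoids that.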
>
>
> This part makes my eyeballs hurt. You're changing the number of arguments of
> run_shell depending on a config option. Is there some way to make sid a
> global, or have it re-query it or something?
>
I'll try to solve the issue.
I may introduce a new static variable to store the current sid, and
run_shell will use it as its sid.
The code will be changed as follows:
1) To set the security context, it calls the function by which the present
sid is renewed.
2) It calls the normal run_shell.
With this approach, the run_shell function can remain the same.
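
The approach sketched at the end of the message, combined with the constant-macro idea from the quoted review, written out as an added example; it is not part of the original thread or of BusyBox. `ENABLE_SELINUX`, `shell_context`, `renew_shell_context` and `stub_getcon` are assumed names, and this `run_shell` is a stand-in that only reports what it would do.

```c
#include <stdio.h>

/* Normally set by the build configuration; 1 here so the demo takes the SELinux path. */
#ifndef ENABLE_SELINUX
#define ENABLE_SELINUX 1
#endif

/* Hypothetical stand-in for libselinux getcon(), which allocates the string
 * (released with freecon()); a constant is used so this builds without libselinux. */
static int stub_getcon(const char **con)
{
    *con = "user_u:system_r:sulogin_t"; /* constructed sample context */
    return 0;
}

/* Context the next shell is started under; NULL means "leave unchanged". */
static const char *shell_context;

/* Step 1: renew the stored context. Returns 0 on success, -1 on failure. */
static int renew_shell_context(void)
{
    shell_context = NULL;
    if (!ENABLE_SELINUX)
        return 0; /* constant condition: the code below is compiled, then discarded */
    return stub_getcon(&shell_context) < 0 ? -1 : 0;
}

/* Step 2: one argument list in every configuration. Returns the context it
 * would apply before exec (NULL for none); a real run_shell would exec here. */
static const char *run_shell(const char *shell, int loginshell,
                             const char *command, const char **args)
{
    (void)loginshell; (void)command; (void)args;
    printf("exec %s, context: %s\n", shell,
           shell_context ? shell_context : "(unchanged)");
    return shell_context;
}

int main(void)
{
    if (renew_shell_context() < 0)
        return 1; /* fail closed: no shell if the context is unknown */
    run_shell("/bin/sh", 1, 0, 0);
    return 0;
}
```

Building with `-DENABLE_SELINUX=0` still type-checks the SELinux branch, which is what the `#ifdef` form cannot do.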